Word of Advice, Avoid Sony Audio CD's released this year like the plague.

[water]

...they install rootkits on your system, and the patch is a defective homecalling device.

A couple of links for your reading:

http://www.sysinternals.com/blog/2005/10/sony-rootkits-and-digital-rights.html

I entered the company name into my Internet browser

[RTB]

It's technically not a rootkit, but is definatly extremely annoying to have on ones computer. Stupid Sony.

[water]

It's technically not a rootkit, but is definitely extremely annoying to have on ones computer. Stupid Sony.

It may not be technically, but for people like myself who are rather largely computer ignorant, it causes many problems.

Sony's way of protecting their material might be a reason for artists to leave the company for one that is more geared to customer satisfaction. if they continue this way of working, they might just as well sign their death warrant.

When I hear about these types of games, I immediately want to boycott and form a movement to boycott these types of companies. Any more you need to be a coding genius to understand what companies are putting on your computer, if I'm going to a website that installs spyware - I can pretty much accept that. But when I am paying 15 to 20 dollars for a commercial product that is going to AFFECT my computer, that is a wholly different story.

Alas, we thought the same about the On-line Activation of Windows XP and Photoshop cs. Microsoft and Adobe are still alive.

There are also worries about virus's and spyware that might use the hiding of the $sys$ prefix files when the Sony rootkit is installed.

People might say that it is pointless to worry about, but if a virusscanner can't see a file, it doesn't mean it isn't running.

The big trouble is that it only needs to run a little code, the rootkit is already there, installed by the user who played a Sony CD. So if there ARE virus's and other malware around, taking advantage of said rootkit, Sony might be blamed in helping in computer crime (if you can call virus/spyware and similar programs crime) which I would, BTW.

This is just nasty.

[junkieXL]

it makes no sense that these ham-handed corporate blokes would try something as lame as this...rootkits? rolling off everything from death metal cd's all the way to little sister's 'Big Bird goes to East Overshoe' sing-a-long albums...I can personally state this 'mp3 piracy' is a generally a fallacy, as i have been ripping & serving mp3's & music videos for 7 years on EFNet, and guess what SONY i have right next to me--in a 8-foot tall media rack over 1200 cd's i have purchased. Most people do the same thing as i.....download the new tracks you want, until you can make it to Tower Records & buy it.

Anyways, Sony, you get 2 Thumbs-Down on this charade....(btw your stereo equipment really sucks...real bad).

-JxL

[bigw]

Are these made in China?? Communist China? The commies are after us and our downloading techniques

[Shug7272]

THATS WHAT YOU GET FOR BUYING MUSIC SUCKERS... AAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHHH HAHAHAHAHAHAHAHaaaa...

**Runs off cackling into the night, gets disoriented, runs into a tree.........falls down while urinating on himself............................farts....rolls over.**

SUUUUCKKKKeeerrrsssss....

**runs into the woods**

[DJVageli]

THATS WHAT YOU GET FOR BUYING MUSIC SUCKERS... AAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHHH HAHAHAHAHAHAHAHaaaa...

**Runs off cackling into the night, gets disoriented, runs into a tree.........falls down while urinating on himself............................farts....rolls over.**

SUUUUCKKKKeeerrrsssss....

**runs into the woods**

LMFAO Hahahahahaha :haha: :haha:

That there had me going crazy :haha:

[water]

You'll like this:

http://www.npr.org/templates/story/story.php?storyId=4989260

Thomas Hessa,'PRESIDENT of Sony BMG's Global Digital Business'.

Interview is on the link posted above.

(if you listen to it you mightnotice something...)

Hessa: "Most people, I think, do not even know what a Rootkit is, so why should they care about it?"

This is crap, and it's making me even more angry about the whole thing.

[water]

EMI: We don't use rootkits

By Ingrid Marson

Special to CNET News.com

Published: November 7, 2005, 6:53 AM PST

Tell us what you think about this storyTalkBack E-mail this story to a friendE-mail View this story formatted for printingPrint See links from elsewhere to this story (TrackBacks/Pingbacks)TrackBack

The EMI Group, one of the world's largest recording companies, has distanced itself from the controversy surrounding digital rights management (DRM) software used by Sony BMG by stating that it does not use rootkits on its own products.

Sony has been criticized for including DRM software with a music CD that runs even when the CD is not being played, and hides itself using rootkit technology. The software is difficult to remove and, if removed manually, could shut off access to the computer's CD player.

It has been rumored that other recording giants including EMI and the Universal Music Group use technology similar to that used by Sony; an EMI spokesman said on Friday that the DRM used on EMI's CDs can be completely removed if the user doesn't want to play the CD any more.

"The content-protection software that we're using can be easily uninstalled with a standard uninstaller that comes on the disc. EMI is not using any software that hides traces of the program. There is no 'rootkit' behavior, and there are no processes left running in the background," said an EMI spokesman in a statement.

EMI also said it was not working with First 4 Internet, the U.K. company that created the copy-restriction software for Sony, although it is trialing other content-protection software.

"EMI is not using First 4 Internet technology. We recently completed a trial of three content-protection technologies (Macrovision's CDS300, SunnComm's MediaMax and SonyDADC's key2audioXS), and First 4 Internet's technology was not one of those tested," said the spokesman.

Universal Music Group was unable to provide comment in time for this article.

Although Sony's use of rootkits has sparked an outcry, users would find it difficult to sue Sony in the U.K., even if their computer was damaged by its copy-restriction software, according to legal experts.

Ingrid Marson of ZDNet UK reported from London

from here: Cnet

[water]

AND it gets better!

Oxfordshire (UK) - The CEO of the company which provides digital rights management tools and software to global music publisher Sony BMG, and which developed the XCP system that was the subject of controversy this week, told TG Daily in an exclusive interview that, despite what some security software engineers, news sources, and bloggers have suggested, XCP is not, and was never designed to be, a rootkit.

"We believe there are some comments that have been misunderstood in the media," said Matthew Gilliat-Smith, chief executive officer of First 4 Internet, the manufacturers of XCP. "Our view is that this is a 'storm in a teacup,' as we say over here in the UK ... I want to confirm that this is not malware. It's not spyware. There's nothing other than pure content protection, which is benign."

As we reported yesterday, security software engineer Mark Russinovich discovered, through the use of a program he wrote called RootkitRevealer, that drivers deposited on his system from a Sony BMG audio CD he purchased were using stealth techniques to hide their appearance not only from the user, but also from portions of the Windows operating system. These drivers had been installed in such a way that they were run perpetually, loaded automatically - even in safe mode - and were referenced in the Windows System Registry using a method that could not be deleted without extensive reworking of the Registry, to enable the operating system to recognize the CD-ROM drive again. In his investigation, he identified these drivers as part of the XCP copy protection system.

more here: http://www.tgdaily.com/2005/11/04/f4i_says_sony_bmg_xcp_is_not_rootkit/

NOW!

EMU claims that they do not install a rootkit, but something else that is (supposed) easy to remove, BUT if you remove the EMI music program, you can't play their cds anymore either. This is a little bit against my idea of freedom of information, but it's less terrifying than i was thinking of sony, that uses a thing about as close to a worm/trojan you can get.

Another point is that i don't really believe EMI on this point. "We do not use [product X]!" question: what are you using besides the things you showed us just now? In my opinion it might even be a diversion. But thats me being paranoid.

More updates when i can find them.

[Elite.Pete]

have you seen the article about how the sony rootkit stops the World of warcraft antihack spyware? apparently hackers everywhere are flocking to buy a sony cd so they can hack in peace.. quite interesting

http://www.techspot.com/news/19318-sonys-drm-used-by-wow-cheaters.html

heh (sony) Rootkit -Vs- (blizzard) spyware... Winner (sony) Rootkit

[water]

I was talking to a friend about this. Not this specific example of what has happened, but about this type of thing happening. And how this software could cause lawsuits from other software manufacturers when it interferes with something someone has purchased.

You can continue that with having to have warning labels on software boxes like "May not function properly if you play Sony CD's in your computer".

How bad is THAT PR?

[resopalrabotnick]

even worse, you figure out a way to disable that piece of software and play the cd anyway and you make yourself guilty of breaking the rules of the millenium copyright act. screwy that is.

[netmasta]

My question is, is Sony breaking any laws by installing this rootkit, dare I say spyware, without you even knowing?

[RTB]

Some Italian organization already sued Sony, for breaking the law. So I guess that's a yes.

[ackthecat]

Dont like it at all-just another means for Big Bother to keep tabs on you!

I wont buy sony products again!

:Ackthecat

[JustinOhioRR]

It is illegal for them to do this because there was "NO" warning or any information until it got leaked out. This has ben going on ffor a long time......

Basically it boils down to Sony being greedy,if you delte the rootkit, and try to playtheir cd's it wont work, and if it does, it will only work on a Sony software player....

this rootkit is easy to get around though, many people on the AMD forums I play at,  already had this rootkit and removed it with ease.

[Khronic]

I bet you all didn't know that Michael Jackson own's half of Sony...well at some point he did,i don't know about now....

[water]

Oh Boy, here it goes. Malicious use of their rootkit by hackers... oh geez!

Original Article found here! http://news.com.com/Bots+for+Sony+CD+software+spotted+online/2100-1029_3-5944643.html?tag=nefd.lede

A first wave of malicious software written to piggyback on Sony BMG Music Entertainment CD copy protection tools has been spotted online, computer security companies said Thursday.

Sony's software, installed when playing one of the record label's recent copy-protected CDs in a computer, hides itself on hard drives using a powerful programming tool called a "rootkit." But the tool leaves the door open behind it, allowing other software--including viruses--to be deeply hidden behind the rootkit cloak.

The first version of a Trojan horse spotted early Thursday, which aims to give an attacker complete remote control over an infected computer, didn't work well. But over the course of the day, several others emerged that apparently fixed early flaws.

"This is no longer a theoretical vulnerability, it is a real vulnerability," said Sam Curry, vice president of Computer Associates' eTrust Security Management division. "This is no longer about digital rights management or content protection, this is about people having their PCs taken over."

Sony's use of the rootkit software has sparked a firestorm of criticism online and off over the company's techniques, highlighting concerns that remain over record labels' increasingly ambitious attempts to control the ways consumers can use purchased music.

Last week, plaintiffs' attorney Alan Himmelfarb filed a class action suit against Sony BMG in Los Angeles federal court, asserting that the company had violated state and federal statues on unauthorized computer tampering. The company's actions also constituted fraud, trespass and false advertising, the suit contends.

Other attorneys say they are considering other suits. Several Italian consumer groups also have said they are looking into the prospect of taking legal action against Sony, although the relevant discs were distributed by the record label's U.S. division and not intended for overseas sale.

Sony's use of the rootkit stems from record companies' growing concerns that unrestricted music copying is undermining their sales, and they have been looking for a technological way to limit the number of copies that people can make of each CD they buy.

Sony BMG has experimented with several different ways to do this. The current controversy focuses on just one of those tools, created by a British company called First 4 Internet.

The First 4 Internet software is included on a handful of CDs, including recent releases from My Morning Jacket and Southern rockers Van Zant. When the albums are put in a computer's CD drive, they ask a listener to click through a consent form, and then install the rootkit copy-protection software on the hard drive.

A rootkit is a tool that takes a high level of control over a computer, potentially even preventing the original computer user from performing certain tasks. In this case, the First 4 Internet hides itself from view in the computer's guts.

One Trojan horse discovered by security companies Thursday is a variant of a pre-existing software distributed by spam e-mail, among other techniques.

One version of the e-mail claims to be from a business publication and says that it is using a photograph of the recipient for a soon-to-be published article, according to security company BitDefender. Clicking on the alleged photograph installs the malicious software, which then connects automatically to the Internet Relay Chat (IRC) chat network, opening up a channel to control the infected computer.

In a new version of the program, the software hides itself using Sony's rootkit tool and then tries to connect to a server on the chat network. The first version of the Trojan was unable to function after hiding itself, security company F-Secure said. However, several other variants have been found that are able to successfully take over control of a computer after hiding under the Sony software.

All virus companies are rating the danger as fairly low so far, since the Trojans seem to be spreading slowly.

Most antivirus companies are releasing versions of their software that identify or remove the Sony software. A patch on the Sony Web site will uncloak the copy protection tools, but computer users must contact Sony's customer service for instructions on removing it altogether.

Neither Himmelfarb nor a Sony BMG spokesman could immediately be reached for comment. A SonyBMG representative contacted last week noted that the software could be easily uninstalled by contacting the company's customer support service for instructions.

I won't be putting these on MY PC, at least not the one that's hooked to the internet!

[resopalrabotnick]

so if ms brings out a patch to nuke the rootkit then the people that have no idea will blame ms for not being able to play their cds. i hope ms sues sony in that case. talk about a clash of the titans.

[water]

http://news.com.com/2100-1029-5944549.html?tag=yt

By Graeme Wearden

Special to CNET News.com

Published: November 10, 2005, 12:03 PM PST

The Electronic Frontier Foundation (EFF), a cyber-rights group, said on Wednesday that it identified 19 Sony CDs containing a rootkit application that disguises the company's invasive copy-restriction technology.

The software is hard to remove from a PC without causing damage and can be used to hide malicious code; antivirus vendors warned on Thursday afternoon the first malicious software to exploit it has been found.

The discovery of Sony's CD rootkit kicked off a furor, but the company has not said which CDs contain the DRM protection.

According to the EFF, the following CDs contain the DRM in question:

[peepnklown]

Sony to Suspend Making Antipiracy CDs

[water]

Yeah, well it's about time.

Now to wait fro the next game.

*taps her fingers on the desk*

[resopalrabotnick]

uh oh, sony done woke up the big dog.

http://blogs.technet.com/antimalware/archive/2005/11/12/414299.aspx

[water]

So Bill hired a smart one there eh?

Thanks for the update. This is like a soap opera.

Tune in tomorrow to find out what happens on "Software In Our Lives"